Browse all 3 CVE security advisories affecting fedora-python. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Fedora-python serves as the primary Python implementation for Fedora Linux, enabling system and application development through its runtime environment. Historically, it has been susceptible to remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, often stemming from insecure package handling or library dependencies. While no major security incidents have been widely documented, the project maintains three active CVE records, primarily related to memory corruption and input validation weaknesses. Security updates are regularly released to address these concerns, with Fedora-python benefiting from the broader Fedora security infrastructure that provides rapid patching and vulnerability monitoring.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-28350 | lxml_html_clean: `<base>` tag injection through default Cleaner configuration — lxml_html_clean (CWE-116) | 6.1 | Medium | 2026-03-05 |
| CVE-2026-28348 | lxml_html_clean: CSS `@import` Filter Bypass via Unicode Escapes — lxml_html_clean (CWE-116) | 6.1 | Medium | 2026-03-05 |
| CVE-2024-52595 | HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through — lxml_html_clean (CWE-79) | 7.7 | High | 2024-11-19 |
This page lists every published CVE security advisory associated with fedora-python. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.